The rapid growth of ASEAN’s digital economy is under threat from escalating cyberattacks, prompting calls for stronger regional commitment to cybersecurity.
A recent policy brief, Strengthening ASEAN’s Cybersecurity: Collaborative Strategies for Enhanced Resilience and Regional Cooperation, by Manager for Digital Innovation and Sustainable Economy at the Economic Research Institute for ASEAN and East Asia (ERIA) Mahirah Mahusin, and ERIA Research Assistant Hilmy Prilliadi, highlighted this urgent need for action.
Cyberattacks pose significant economic and reputational risks to both public and private sectors. Beyond financial losses, these incidents erode public trust, undermine consumer confidence, and damage the credibility of key providers. Governments, critical information infrastructure (CII) – such as energy, telecommunications, finance, transportation, and defence – private entities, and even individuals face increasing exposure to sophisticated cyber threats.
Citing statistics from Statista, the financial toll of cyberattacks is projected to rise steeply on a global scale, from USD9.22 trillion in 2024 to USD13.82 trillion by 2028.
And ASEAN, with its growing digital landscape, is not immune. By mid-2023, the region’s economic losses from data breaches had already hit USD3.05 million, up from USD2.87 million in 2022, as reported by IBM. The growth of ASEAN’s digital economy, underpinned by increasing connectivity, has also amplified the region’s vulnerability to cyber threats.
The recent policy brief also highlighted that small and medium-sized enterprises (SMEs), which make up 43 per cent of cyberattack targets, are particularly at risk due to limited technical resources. “ERIA’s ASEAN digital divide survey reveals that only 68.5 per cent of small firms have adopted cybersecurity software, leaving a significant proportion unprotected,” the authors of the brief noted.
This gap in preparedness leads to urgent need for robust, multi-stakeholder cooperation to address rising cyberattacks.
The approach includes strengthening the incident response capabilities of national entities, enhancing inter-agency collaboration for threat identification and mitigation, and fostering workforce development in cybersecurity.
Yet, the level of readiness varies widely across ASEAN Member States (AMS).
While some countries have implemented comprehensive emergency response networks that involve private sector participation, others lag behind, relying solely on government-private sector information-sharing initiatives.
“Many AMS remain in early stages of cybersecurity development, without robust mechanisms for public–private partnerships (PPPs) in cybersecurity information sharing”.
The brief highlighted several initiatives by the regional bloc to address these challenges.
The ASEAN Cybersecurity Cooperation Strategy 2021–2025 focuses on five key pillars: cyber readiness, policy coordination, trust-building, capacity development, and international collaboration.
Supporting these efforts, the ASEAN Regional CERT complements national CERTs by facilitating region-wide information sharing on cyber incidents and advancing the ASEAN Digital Economy Framework Agreement (DEFA).
It also envisions establishing an ASEAN CERT Information Exchange Mechanism and publishing an annual cybersecurity threat report. However, gaps in real-time coordination, noted during Cyber-CC’s annual meetings, necessitate ad-hoc sessions for urgent incident responses.
“A shared cybersecurity taxonomy across ASEAN would enable uniform assessment of cyber incident impacts across AMS,” the authors added.
Moreover, the brief also stated that a shortage of skilled cybersecurity professionals further challenges AMS’ operational capabilities, with demand for expertise in areas like behavioural analytics and digital forensics remaining high even in digitally advanced countries.
To address these needs, ERIA is developing an Internet Infrastructure Health Metrics Framework for AMS. This framework provides insights into AMS internet health, helping to identify areas requiring capacity building to support secure, sustainable digital infrastructure.
On its impact towards the economy, countries with high Global Cybersecurity Index (GCI) rankings often demonstrate significant Gross Merchandise Value (GMV) in their digital economies.
“This correlation highlights the importance for countries to prioritise and invest in comprehensive cybersecurity strategies to support digital economic growth.”
The authors put forward several strategic policy recommendations to strengthen cybersecurity across the region.
At the core, they stressed the importance of developing robust national and regional cybersecurity strategies, with an immediate focus on fully implementing the ASEAN Cybersecurity Cooperation Strategy 2021–2025.
To effectively combat cybercrime, they called for enhanced enforcement capabilities and regular updates to legal frameworks, ensuring they can keep pace with rapidly evolving threats.
In addition, the authors highlighted the need for balanced policies that support digital economic growth while safeguarding against cybersecurity risks.
They also underscored the value of public–private partnerships (PPPs), advocating for collaborative mechanisms and integrated reporting platforms to enhance cyber risk detection and response.
Investing in regional capacity-building initiatives, such as the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) and the ASEAN–Japan Cybersecurity Capacity Building Centre (AJCCBC), was also identified as a priority.
Finally, the authors recommended creating practical, cost-effective cybersecurity guidelines for MSMEs, complemented by training programmes to underscore the importance of cybersecurity, and reinforced by government-backed certifications for SMEs that meet international standards.
“Enhanced cybersecurity is crucial for ASEAN’s digital economy growth.
“By adopting a collaborative approach across public and private sectors, ASEAN can build a resilient and secure digital landscape that supports both economic growth and national security.” – Wardi Wasil
